
Uh oh, SSL! 200 PS3s gunning for you

Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.

...A single attempt for constructing a chosen-prefix collision costs about a little more than a day. The first stage consisting of the birthday search is computationally the most expensive. Luckily it is also very suited for the special SPU cores of the Cell Processor that the Sony PlayStation 3 uses. We had about 200 PS3s at our disposal, located at the "PlayStation Lab" of Arjen Lenstra at EPFL, Lausanne, Switzerland (see the picture). The birthdaying takes about 18 hours on the 200 PS3s using 30GB of memory that was equally divided over the PS3s.
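To make the "birthday search" stage mentioned above concrete, here is an added toy example (not code from the researchers or from this thread). It runs the chosen-prefix birthday step against MD5 truncated to a configurable number of bits, so the mechanism and its memory cost are visible without doing 2^64 work; the prefixes are constructed placeholders.

```python
import hashlib
import itertools

# Toy model of the birthday stage of a chosen-prefix collision: two DIFFERENT
# chosen prefixes, and we search for suffixes so that the first `bits` bits
# of the two MD5 digests agree. Real MD5 is 128 bits, so the full birthday
# search costs about 2^64 hashes and a large table (the 30GB above is that
# table); truncating to 32 bits makes the same mechanism run in seconds.


def truncated_md5(data: bytes, bits: int) -> int:
    """Leading `bits` bits of MD5(data) as an integer (1 <= bits <= 128)."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def birthday_collision(prefix_a: bytes, prefix_b: bytes, bits: int = 32):
    """Return (suffix_a, suffix_b) with equal truncated digests for
    prefix_a+suffix_a and prefix_b+suffix_b. Expected cost is about
    2^(bits/2) hashes per side, and the two tables hold that many entries."""
    seen_a = {}  # truncated digest -> suffix, for prefix_a
    seen_b = {}  # truncated digest -> suffix, for prefix_b
    for i in itertools.count():
        s = i.to_bytes(8, "big")
        ha = truncated_md5(prefix_a + s, bits)
        if ha in seen_b:                 # some prefix_b message already hit ha
            return s, seen_b[ha]
        seen_a[ha] = s
        hb = truncated_md5(prefix_b + s, bits)
        if hb in seen_a:                 # some prefix_a message already hit hb
            return seen_a[hb], s
        seen_b[hb] = s


def verify(prefix_a, suffix_a, prefix_b, suffix_b, bits):
    """True only if the two messages differ yet share the truncated digest."""
    msg_a, msg_b = prefix_a + suffix_a, prefix_b + suffix_b
    return msg_a != msg_b and truncated_md5(msg_a, bits) == truncated_md5(msg_b, bits)


if __name__ == "__main__":
    # Constructed placeholder prefixes; in the real attack these would be two
    # differently structured certificate bodies.
    pa, pb = b"document A: ", b"document B: "
    sa, sb = birthday_collision(pa, pb, 32)
    print("collision on 32 bits:", verify(pa, sa, pb, sb, 32))
    print("expected hashes per side at 128 bits: 2^64 =", 2 ** 64)
```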

I vaguely recall this exposure (MD5 collisions) publicized a few years ago. I guess someone finally implemented the theory. To mitigate the risk, you salt the key before encryption. Use a large salt sequence. That should make it practically "impossible"... at least for a little while. FYI, VeriSign no longer uses MD5 for their checksum.

Game consoles use hardware specialized for the computational needs of the detailed 3D graphics in games. This hardware is also very suited for the basic arithmetic used in cryptographic algorithms and greatly outperforms general purpose computers on brute-force computations. We have found that one PlayStation 3 game console is equivalent to about 40 modern single core processors. The most computationally intensive part of our method required about 3 days of work with over 200 game consoles, which is equivalent to 32 years of computing on a typical desktop computer. Common graphic cards have been used by some for MD5 cryptanalysis as well.

GPU and game console processors are much better at this sort of thing than your general purpose PC processor.

We alerted to this story some days ago but it's now official. Independent researchers Jacob Appelbaum and Alexander Sotirov, as well as computer scientists from the Centrum Wiskunde & Informatica, the Ecole Polytechnique Federale de Lausanne, the Eindhoven University of Technology and the University of California, Berkeley have successfully used 200 PS3s to break one of the MD5 algorithms used in issuing security certificates for websites. Security certificates are used to confirm that a website is legitimate and not an attempt to mislead the visitor. Once the team broke through the algorithm, they were able to hack into the RapidSSL.com website. After this, the team was able to produce false security certificates that had identical MD5 hash values as legitimate certificates.